From e49f6661f3bbe84edbfaf6c84fcdc380ca92d18e Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 18:35:31 +0100
Subject: [PATCH 01/10] chore(docker): add a data directory for dex to var

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 07ffb617..7e55a0c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -33,6 +33,9 @@ WORKDIR /
 # OpenSSL is required so wget can query HTTPS endpoints for health checking.
 RUN apk add --no-cache --update ca-certificates openssl
 
+RUN mkdir -p /var/dex
+RUN chown -R 1001:1001 /var/dex
+
 USER 1001:1001
 
 COPY --from=0 /go/bin/dex /usr/local/bin/dex
From fade69b5ae16f4d2487a45866bace465b10d9398 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 18:45:12 +0100
Subject: [PATCH 02/10] chore(docker): relocate module files in the final image

/usr/local/src sounds like a better place than /opt

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7e55a0c1..741858fd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,14 +36,14 @@ RUN apk add --no-cache --update ca-certificates openssl
 RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
+# Copy module files for CVE scanning / dependency analysis.
+COPY --from=0 /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
+COPY --from=0 /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
+
 USER 1001:1001
 
 COPY --from=0 /go/bin/dex /usr/local/bin/dex
 
-# Copy module dependencies for CVE scanning / dependency analysis.
-COPY go.mod go.sum /opt/dex/dependencies/
-COPY api/v2/go.mod api/v2/go.sum /opt/dex/dependencies/api/v2/
-
 # Import frontend assets and set the correct CWD directory so the assets
 # are in the default path.
 COPY web web
From b19fe5b49dffa89c9629bd3f506b7918b0b7e749 Mon Sep 17 00:00:00 2001
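Review bot: In PATCH 01/10 the added `RUN mkdir -p /var/dex` and `RUN chown -R 1001:1001 /var/dex` spend two layers on one step, and `-R` does nothing on a directory that was just created empty. The directory is also left at whatever mode the build's umask yields (presumably 0755), so if it is meant to hold dex state such as a database file (inferred from the commit subject), other UIDs in the container can list it. A single instruction with an explicit mode would be tighter: `RUN mkdir -p /var/dex && chown 1001:1001 /var/dex && chmod 0750 /var/dex`. The final stage begins and ends outside this hunk.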
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 18:46:56 +0100
Subject: [PATCH 03/10] chore(docker): move copying the dex binary up in Dockerfile

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 741858fd..7f31e849 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -40,10 +40,10 @@ RUN chown -R 1001:1001 /var/dex
 COPY --from=0 /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
 COPY --from=0 /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
-USER 1001:1001
-
 COPY --from=0 /go/bin/dex /usr/local/bin/dex
 
+USER 1001:1001
+
 # Import frontend assets and set the correct CWD directory so the assets
 # are in the default path.
 COPY web web
From feb90bd1b1be74d538ef17f8193dce837a2e94af Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 18:54:14 +0100
Subject: [PATCH 04/10] chore(docker): update builder image

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7f31e849..32a653ce 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.15.7-alpine3.12
+FROM golang:1.15.7-alpine3.13
 
 ARG TARGETOS
 ARG TARGETARCH
From 89f737329b02a33edb327330658268b4a7e264f1 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 18:58:04 +0100
Subject: [PATCH 05/10] chore(docker): rename the builder image

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 32a653ce..233c3406 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.15.7-alpine3.13
+FROM golang:1.15.7-alpine3.13 AS builder
 
 ARG TARGETOS
 ARG TARGETARCH
@@ -37,10 +37,10 @@ RUN mkdir -p /var/dex
 RUN chown -R 1001:1001 /var/dex
 
 # Copy module files for CVE scanning / dependency analysis.
-COPY --from=0 /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
-COPY --from=0 /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
+COPY --from=builder /usr/local/src/dex/go.mod /usr/local/src/dex/go.sum /usr/local/src/dex/
+COPY --from=builder /usr/local/src/dex/api/v2/go.mod /usr/local/src/dex/api/v2/go.sum /usr/local/src/dex/api/v2/
 
-COPY --from=0 /go/bin/dex /usr/local/bin/dex
+COPY --from=builder /go/bin/dex /usr/local/bin/dex
 
 USER 1001:1001
 
From 7b2972a04b63ca6ff324c255f942fe5fb554bf21 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 19:02:05 +0100
Subject: [PATCH 06/10] chore(docker): copy web assets from the build image

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 233c3406..a024a54c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,7 @@ USER 1001:1001
 
 # Import frontend assets and set the correct CWD directory so the assets
 # are in the default path.
-COPY web web
+COPY --from=builder /usr/local/src/dex/web web
 
 ENTRYPOINT ["dex"]
 
From a33669e3ecac3854e6129b5e827fb94b753d74b5 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 19:06:24 +0100
Subject: [PATCH 07/10] chore(docker): move user to the end

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index a024a54c..53f72023 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,6 +48,8 @@ USER 1001:1001
 # are in the default path.
 COPY --from=builder /usr/local/src/dex/web web
 
+USER 1001:1001
+
 ENTRYPOINT ["dex"]
 
 CMD ["version"]
From d2d0d4a1eaa91136ab305e5851c64cc07ef08bd7 Mon Sep 17 00:00:00 2001
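Review bot: PATCH 07/10 is titled "move user to the end", but its hunk only adds `USER 1001:1001` before `ENTRYPOINT`; the diffstat shows 2 insertions and no deletions, and the hunk header still carries an earlier `USER 1001:1001` as its section line. The final stage therefore appears to end up with two identical USER instructions, and the earlier one should be deleted in the same commit so there is one unambiguous privilege drop after the last COPY. A comment on the remaining line, such as `# Run as an unprivileged user; keep this the last instruction before ENTRYPOINT.`, would record why it sits there. The earlier USER line is outside the hunk, so its presence is inferred from the header rather than seen directly.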
From: Mark Sagi-Kazar
Date: Sat, 23 Jan 2021 19:13:13 +0100
Subject: [PATCH 08/10] chore(docker): reorder instructions in build image

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 53f72023..8d5d7d1a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,14 @@
 FROM golang:1.15.7-alpine3.13 AS builder
 
+WORKDIR /usr/local/src/dex
+
+RUN apk add --no-cache --update alpine-sdk
+
 ARG TARGETOS
 ARG TARGETARCH
 ARG TARGETVARIANT=""
 
-WORKDIR /usr/local/src/dex
-
-ENV GOOS=${TARGETOS} \
- GOARCH=${TARGETARCH} \
- GOARM=${TARGETVARIANT}
-
-RUN apk add --no-cache --update alpine-sdk
+ENV GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOARM=${TARGETVARIANT}
 
 ARG GOPROXY
 
From c939e51cb420bda3076e64696842e201dda08e32 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sun, 24 Jan 2021 00:49:08 +0100
Subject: [PATCH 09/10] chore(docker): drop no-op workdir

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8d5d7d1a..660df3ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,8 +22,6 @@ RUN make release-binary
 
 FROM alpine:3.13.0
 
-WORKDIR /
-
 # Dex connectors, such as GitHub and Google logins require root certificates.
 # Proper installations should manage those certificates, but it's a bad user
 # experience when this doesn't work out of the box.
From bb651cc6647cf56850fdaadb6e7606a37da52eea Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Sun, 24 Jan 2021 00:56:53 +0100
Subject: [PATCH 10/10] chore(docker): copy web assets to the filesystem root

Signed-off-by: Mark Sagi-Kazar
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 660df3ae..0992b530 100644
--- a/Dockerfile
+++ b/Dockerfile
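Review bot: In PATCH 08/10 the relocated `RUN apk add --no-cache --update alpine-sdk` keeps a redundant `--update`; `--no-cache` already fetches a fresh index and discards it, so the line can be `RUN apk add --no-cache alpine-sdk`. The package is also unpinned, so the toolchain that compiles the dex binary can differ between two builds of the same commit. Pinning the package version, or pinning the `golang` base image by digest, would make the builder stage reproducible. The builder stage continues past the end of this hunk.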
@@ -42,7 +42,7 @@ USER 1001:1001
 
 # Import frontend assets and set the correct CWD directory so the assets
 # are in the default path.
-COPY --from=builder /usr/local/src/dex/web web
+COPY --from=builder /usr/local/src/dex/web /web
 
 USER 1001:1001
 
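Review bot: In PATCH 10/10 the comment above the changed COPY still says the step will "set the correct CWD directory", but PATCH 09/10 removed `WORKDIR /` and this hunk sets no working directory. The assets land in `/web` only because the destination is now absolute. If dex resolves its default web directory relative to the working directory (inferred from the comment), that now rests on the base image's default of `/`, which the final stage no longer states. I would reword the comment to `# Import frontend assets to /web; the default asset path assumes the working directory is /.`, or restore an explicit `WORKDIR /` so a base-image change cannot move it. The final stage begins outside this hunk.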